But bribery risks aren't spread out evenly; some areas are corruption hotspots, while others are relatively corruption free. Here are some ways to tell the difference.

You Can't Go on Reputation Alone

When assessing corruption risk, you want to be aware of current developments, not just past ones. The FBI's William McMurry, who deals with FCPA enforcement, recently told Thomson Reuters Regulatory Intelligence that risk assessments need to keep up to date. (Disclosure: Thomson Reuters is FindLaw's parent company.) Some areas once known for corruption or secrecy, such as Brazil or Switzerland, have taken significant anti-corruption actions recently, with other regions, like the Middle East, remain skeptical of global enforcement efforts.

Sometimes, the best option might be to have someone investigate directly. "The best cases are made by human beings," McMurry told Regulatory Intelligence's Richard Satran, "and if you don't have agents out there cultivating and learning the arena that you are operating in, you are not going to get the best cases."

Those investigations should also pay particular attention to "middle men" such as consultants and gatekeepers, since they are often the ones greasing palms. Companies "would be well advised to look at any connections they might have with employees or third parties who deal directly with government officials," according to Richard Girgenti of KPMG LLP's Forensic Advisory Services.

Hi-Tech Risk Assessment

If that seems a bit old school, there are also hi-tech strategies that can improve your ability to assess and spot risks. Big data tools can be used to spot suspicious patterns in "third-party payments, costly entertainment, communication records and travel," according to Satran.

And don't think that scrutiny is reserved for industries that have a reputation for corruption. "It's the emerging, middle-market companies that are the ones at the biggest risk from what we see," McMurry says.